using gnupg with mutt
Georgi Guninski
guninski at guninski.com
Sat Jul 2 04:47:19 PDT 2016
On Fri, Jul 01, 2016 at 08:11:20PM -0700, Rayzer wrote:
> Waiting for Juan to tell us how compromised gpg is and that you're a fed
> if you question his (snigger) authority.
>
=====
https://lists.gnupg.org/pipermail/gnupg-devel/2003-November/020570.html
Thu Nov 27 09:29:51 CET 2003
GnuPG's ElGamal signing keys compromised
Phong Nguyen identified a severe bug in the way GnuPG creates and uses
ElGamal keys for signing. This is a significant security failure
which can lead to a compromise of almost all ElGamal keys used for
signing. Note that this is a real world vulnerability which will
reveal your private key within a few seconds.
======
Do you mean to see more like this from gpg?
IIRC gpg used small number, to save picoseconds in computations
and the attack fucked them with lattice reduction in nanoseconds...
Not to mention the compatibility with pgp 0.0001, which makes
keyid collisions trivial (the ubuntu comrades suffered from this
few times).
More information about the cypherpunks
mailing list